Trojan:Win64/Reflo.HNS!MTB Virus Analysis & Removal Guide – Gridinsoft Blog
Common Information
Type                              Value
UUID                              61386ed5-cc1b-4e7e-9f3f-58004ee7b894
Fingerprint                       a5351d778d7b8a19
Analysis status                   DONE
Considered CTI value              -2
Text language
Published                         Sept. 3, 2024, 9:42 p.m.
Added to db                       Sept. 4, 2024, 12:37 a.m.
Last updated                      Nov. 17, 2024, 6:55 p.m.
Headline                          Trojan:Win64/Reflo.HNS!MTB Virus Analysis
Title                             Trojan:Win64/Reflo.HNS!MTB Virus Analysis & Removal Guide – Gridinsoft Blog
Detected Hints/Tags/Attributes    55/1/20
RSS Feed
Id   Enabled  Feed title       Url                               Added to db
131           Gridinsoft Blog  https://gridinsoft.com/blogs/rss  2024-08-30 22:08
Attributes
Type                  #Events  CTI Value  Value
Domain                138                 setup.py
Domain                1                   redtiger-tools-main.zip
Domain                1                   appname.zip
Domain                1                   3bp7szl6ehbrnitmbyxzvcm3ieu7ba2kys64oecf4g2b65mcgbafzgqd.onion
Domain                1                   55niksbd22qqaedkw36qw4cpofmbxdtbwonxam7ov2ga62zqbhgty3yd.onion
Domain                1                   7mejofwihleuugda5kfnr7tupvfbaqntjqnfxc4hwmozlcmj2cey3hqd.onion
Domain                1                   ajlu6mrc7lwulwakojrgvvtarotvkvxqosb4psxljgobjhureve4kdqd.onion
File                  409                 c:\windows\system32\cmd.exe
File                  1                   c:\users\  c:\windows\system32\cmd.exe
File                  1                   c:\users\  python setup.py
File                  3                   c:\windows\syswow64\unarchiver.exe
File                  1                   c:\users\user\desktop\redtiger-tools-main.zip
File                  3                   c:\windows\syswow64\7za.exe
File                  5                   c:\windows\system32\7za.exe
File                  1                   c:\users\user\desktop\appname.zip
File                  20                  c:\windows\system32\conhost.exe
Windows Registry Key  2                   HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
Windows Registry Key  1                   HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Command
Windows Registry Key  1                   HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
Windows Registry Key  1                   HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName\ActiveComputerName